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STATEMENT OF THE CASE 

This is an appeal under 35 U.S.C. § 134(a) from the Examiner's final 
rejection of claims 1-7, 14-20, and 25-31. We have jurisdiction under 35 
U.S.C. § 6(b). 

We affirm. 

Invention 

Appellant's invention relates to an authentication process in a 
distributed data processing system. Authentication data is encrypted using a 
public key and an attribute certificate containing the encrypted 
authentication data is generated by an attribute-certificate-issuing authority. 
When one requires access to a controlled resource, the resource authenticates 
the user based on the provided authentication data. {See Abstract.) 

Representative Claim 
1 . A method for an authentication process within a 
distributed data processing system, the method comprising: 

receiving an attribute certificate from a client at a host within 

the distributed data processing system; 
extracting encrypted authentication data from the attribute 

certificate, wherein the encrypted authentication data was 
generated by encrypting authentication data with a public 
key associated with the host; 
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decrypting the encrypted authentication data to regenerate the 
authentication data using a private key associated with 
the host; and 

forwarding the authentication data to a controlled resource 

which authenticates the client based on the authentication 
data before allowing the client to access the controlled 
resource. 



Prior Art 

Perlman 5,892,828 Apr. 6, 1999 

Olden 6,460,141 Bl Oct. 1, 2002 

Butt 6,754,829 Bl Jun. 22, 2004 

Wood 6,892,307 Bl May 10, 2005 

Examiner's Rejections/Claims 

Claims 1, 3-6, 14, 16-19, 25, and 27-30 stand rejected under 35 U.S.C. 
§ 103(a) as being unpatentable over Wood and Perlman. 

Claims 2, 15, and 26 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Wood, Perlman, and Olden. 

Claims 7, 20, and 31 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Wood, Perlman, and Butt. 

Claims 8-13, 21-24, and 32-35 have been canceled. 



Claim Groupings 
Based on Appellant's arguments in the Appeal Brief, we will decide 
the appeal on the basis of independent claim 1 and dependent claim 4, which 
is separately argued. See 37 C.F.R. § 41.37(c)(l)(vii). 
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FINDINGS OF FACT 
We refer to and rely on the Examiner' s findings set out at pages 3 and 
4 of the Answer, where the Examiner applies the teachings of Wood and 
Perlman to instant claim 1 . 

PRINCIPLES OF LAW 

During prosecution before the USPTO, claims are to be given their 
broadest reasonable interpretation, and the scope of a claim cannot be 
narrowed by reading disclosed limitations into the claim. See In re Morris, 
127 F.3d 1048, 1054 (Fed. Cir. 1997); In re Zletz, 893 F.2d 319, 321 (Fed. 
Cir. 1989); In re Prater, 415 F.2d 1393, 1404-05 (CCPA 1969). 

Our reviewing court has repeatedly warned against confining the 
claims to specific embodiments described in the specification. Phillips v. 
AWH Corp., 415 F.3d 1303, 1323 (Fed. Cir. 2005) (en banc). 

Nonobviousness cannot be established by attacking references 
individually where the rejection is based upon the teachings of a 
combination of references. In re Merck & Co., 800 F.2d 1091, 1097 (Fed. 
Cir. 1986) (citing In re Keller, 642 F.2d 413, 425 (CCPA 1981)). 

ANALYSIS 
I. 

Appellant admits that Wood discloses decrypting encrypted login 
credentials. However, Appellant contends that Wood does not teach the 
"two, distinct claim requirements" of extracting encrypted authentication 
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data from the attribute certificate and decrypting the encrypted 
authentication data to regenerate the authentication data. (App. Br. 5.) 

The Examiner responds (Ans. 9) that Wood teaches that the login 
credentials must be decrypted to be recovered. To decrypt the credentials, 
they must be extracted from the credentials structure; else, they could not be 
recovered. The Examiner finds that Wood thus teaches both extracting and 
decrypting. (Id.) 

We are not persuaded of error in the Examiner's finding. Moreover, 
Appellant's Specification teaches (e.g., at 30:1-9) that data may be decrypted 
and the data of interest extracted. Claim 1 thus may be read as decrypting 
the encrypted authentication data and then extracting the encrypted 
authentication data. Unless the steps of a method actually recite an order, 
the steps are not ordinarily construed to require one. Interactive Gift 
Express, Inc. v. CompuServe, Inc., 256 F.3d 1323, 1342 (Fed. Cir. 2001). 
Wood teaches decrypting encrypted authentication data and retrieving the 
data of interest (login credentials) that resides in the encrypted data, 
consistent with the requirements of instant claim 1 . 

II. 

Appellant alleges differences between the instant invention and 
Perlman (App. Br. 5-6), which are not in dispute. Appellant concludes that a 
prima facie case of obviousness has not been established because neither 
Perlman nor Wood discloses or suggests "a host that forwards the 
authentication data to a controlled resource which authenticates the client 



5 



Appeal 2009-001308 
Application 09/821,079 



based on the authentication data before allowing the client to access the 
controlled resource." {Id. at 6.) 

Appellant's argument with respect to a "host" forwarding the 
authentication data is not commensurate with the scope of instant claim 1. 
The claim is silent with respect to what may effect the "forwarding" of the 
authentication data to a controlled resource. We thus find Appellant's 
position to be untenable. 

III. 

Appellant submits new arguments and new evidence in the Reply 
Brief. The new evidence has not been properly submitted {see 37 C.F.R. §§ 
41.33 and 41.41). The new arguments are untimely, as they could have been 
presented in the Appeal Brief such that we would have had benefit of the 
Examiner's response to the new arguments. A reply brief is properly used to 
respond to new points of argument raised by the Examiner in the examiner's 
answer, not as a way to present new arguments. See Optivus Tech., Inc. v. 
Ion Beam Applications S.A., 469 F.3d 978, 989 (Fed. Cir. 2006) (an issue not 
raised in an opening brief is waived). 

In any event, Appellant now seems to argue that the claimed "attribute 
certificate" is limited to a particular embodiment of "attribute certificate" 
described in the Specification, while Wood teaches a "public key certificate" 
(PKC) process. (Reply Br. 1-2.) 

We do not find the new arguments persuasive. We decline to read a 
particular type of "attribute certificate" into instant claim 1. We also note 
that claim 7, which depends from claim 1, specifies the type of "attribute 
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certificate." The Examiner has rejected claim 7 over a different ground of 
rejection, relying on Butt in teaching the specifics of claim 7. Further, 
Appellant has not pointed out where Wood might refer to credentials 
structure 410 (Fig. 4) as a "PKC," or otherwise refers to a "PKC" process. 

IV. 

Claim 4, depending from claim 1, recites authenticating the client for 
access to the controlled resource based on the authentication data. Appellant 
contends that Perlman contains no reference to authenticating the client 
based on the "authentication data" that was extracted and encrypted as 
claimed. (App. Br. 6.) 

The rejection of claim 1 and claim 4, however, does not rely on 
Perlman for teaching the "authentication data" itself, but for forwarding 
authentication data to a controlled resource for access to the controlled 
resource based on the authentication data. {See Ans. 3-4, 9-10.) Appellant's 
argument does not speak to the combined teachings of the references. See In 
re Merck & Co., 800 F.2d at 1097. We are thus not persuaded of error in the 
rejection of claim 4. 

V. 

For the foregoing reasons we are not persuaded of error in the 
rejection of any claim on appeal. We sustain the Examiner's rejections 
under § 103(a). 
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DECISION 

The rejection of claims 1, 3-6, 14, 16-19, 25, and 27-30 under 35 
U.S.C. § 103(a) as being unpatentable over Wood and Perlman is affirmed. 

The rejection of claims 2, 15, and 26 under 35 U.S.C. § 103(a) as 
being unpatentable over Wood, Perlman, and Olden is affirmed. 

The rejection of claims 7, 20, and 31 under 35 U.S.C. § 103(a) as 
being unpatentable over Wood, Perlman, and Butt is affirmed. 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a). 

AFFIRMED 



msc 



HAMILTON & TERRILE, LLP 
IBM Austin 
P.O. BOX 203518 
AUSTIN TX 78720 
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